Hector Martin

FIPS is not very relevant... Common Criteria certification is. (and ROCA chip was CC certified). CC are not perfect (hence ROCA), but it doesn't mean they are useless... It remains far away more difficult to break a CC chip, than a STM32

The chip yes (probably), the firmware not so much. For the most part all those certification processes just slow things down and make it harder for people to actually implement modern best practices (instead of outdated ones). Silicon moves a lot slower than software.

It's not (probably). There are multiple articles showing that it costs a few dollars and require a few minutes to dump a general purpose MCU. The solution is more to try to open Secure chips, rather than using broken ones...

You have also historically been able to dump some secure MCUs with the same equipment. The problem is that NDAs stop those chips from being more widely audited, so we don't *know* if they really are more secure. In theory they are, but we don't have enough evidence.

And yet nobody found ROCA. Even though that code stank. Audits are largely useless, because they often just verify that you do what you say you do, not that you're actually secure. "Yes, we have these mitigations (which stop one variant of an attack but not another)".

If they can't audit software properly I'm not going to assume they can audit hardware properly.